Gimp

With many of the deathknight quests broken, making a DK is basically impossible now, due to them only receiving talent points through those quests. I was wondering where I could find the code (in player.cpp perhaps?) that I could comment out to have that class automatically receive all their talent points based on their level like all other classes?

Could you write a small tutorial on how to patch Mangos with this in your first post on page 1? If it was a .patch file it wouldn't be a problem, but the downloads are in .txt. Are we supposed to rename them .patch? A git would be nice because we could use the git pull command.

I agree, this project needs GIT.

Thanks guys

Well considering that definition fits Mangos to a T, I'd say Mangos is an emulator, as it tries to emulate a World of Warcraft Blizzard server.

Ya but the problem with SSH is that it's a pain in the ass to modify things in the DB, especially since our Linux is command line only.

No I mean for accessing and editing your db from remote.

Anyone know a good less hackable alternative to phpmyadmin?

I don't think so, the hackers (two of them) were from Germany. Anyways I recommend everyone not to use phpmyadmin.

Our mysql is set to only allow connections from localhost. Our user/pass combo was username + 8 character pass. Even after we replaced the password with a VERY long and complex pass, they got in just the same. Ever since we got rid of phpmyadmin, the attacks have stopped. I have a feeling they were using some kind of phpMA exploit to bypass it completely. They also tried breaking into our SSH according to the logs but weren't successful.

Well we completely removed phpmyadmin yesterday, and ever since things have been quiet. *crosses fingers*

Even after the password change he's in again! OMFG I can't stop him from getting in

Well I think I found out how he was getting in (I hope so). I talked to him in game and he said he guessed (probably brute forced) the phpmyadmin password. It was a 7 or 8 character pass with numbers and letters. He had full access to the db but luckily he didn't do any major damage. I replaced the pass with a MUCH longer and more complex password.

I believe he's getting in one of 2 ways, he just got back in under a slightly different ip address tonight: 1. SQL injection through the registration page, I'm using Reggacc. I'm not sure how secure it is. Would I be better off using minimanager for registrations? 2. I'm using a vote rewards system developed by a member over at the Trinity forums. In order for it to work I have to have remote access enabled on the database, and it's currently set to ip 0.0.0.0, so any ip can access it.

How does SQL injection work? Would replacing my existing website/mysql passwords with 15-20 character long passwords help?

(On Mangos 3.0.9 rev. 7909) Normally I wouldn't report this but I found it unusual, it wasn't just some noob using WEH. My test server is setup very blizzlike, and I noticed a player at lvl 80 in my Minimanager. There's no way he could have gotten to that level so obviously he hacked with gm commands, so I banned him and deleted his account. The unusual part was that Minimanager didn't show a GM/BT sign next to his account name, in fact his account was set to "player", not moderator or game master. I checked back the gm logs and he was using gm commands to give himself items and delete and spawn npcs.

If I back up my 3.0.9 characters and realmd databases, and restore them onto a fresh 3.1.3 database, do I need to run any kind of converter? I've seen people making comments about 3.0.9 characters being incompatible with the new mangos.

Mangos rev. 8038. It appears CWN's anticheat and Naicisum's ahbot aren't compatible with one another. I can patch the mangos source with one, or the other, but not both.

Is this for a public server?

Holy crap that's awesome dude! :eek:

I'm fully aware of the issue of having 40 bots following your character around causing potential crashes, and I agree that limitations need to be put in place to prevent that. I don't want to load a ton of bots and have them chase me around, but instead plop them down in one place and have them stay there. The only reason I'm suggesting a way to load multiple accounts from one admin character is to make it easier to test server stability. Being able to load up 60 bots instead of finding 60 real testers could help Mangos development. As for security issues I don't think it's anymore of an issue than the security of normal player accounts. Aren't the account passwords encrypted? If they are or not it doesn't matter, a hacker would have to break into the db remotely to read them. Here's an idea: Have a field in a config file where you can name up to 5 extra accounts/passwords, much like databases, allowing you to load the characters from those accounts. Have a master "on/off" switch (0/1) for enabling bots from extra accounts. If it's enabled, bots will cease to have any AI and they will no longer follow you. All they'll do is stand in one place after you spawn them, therefore not causing any potential system crashes.

A way to load bots from other accounts not just the one you're playing on would be sweet

I'm having a problem with reggacc restarting with each server restarter scan. Here's my restarter code: #!/bin/sh ### Set your default mangos Root Directory mangosdir="/opt/mangos7797/bin" ### Set your mangos Binary Name mangosbin="mangos-worldd" ### Set your mangos Pid File mangospid="mangosd.pid" ########## you probably don't need to change anything below here ########## cd $mangosdir # is there a pid file? if test -r $mangospid then # there is a pid file -- is it current? pid=`cat $mangospid` if `kill -CHLD $pid >/dev/null 2>&1` then echo "mangosd is currently running...." exit 0 fi echo "" echo "Stale $mangospid file, erasing..." echo "Attempting to Restart mangosd" rm -f $mangospid ./$mangosbin else echo "$mangospid appears to be missing. Attempting to Restart mangosd" ./$mangosbin fi And my crontab settings: "*/2 * * * * /opt/restarter.sh" Every 2 minutes when crontab runs the script, for some reason the server uptime on the reggacc page resets to 0 (even though Mangos doesn't restart) :mellow:

You mean wowscape?